
Hacking attempts - should I be worried?

Started by Theli, January 23, 2004, 11:03:43 AM


Theli

Hi, just checked the visitor log on my website and the login page of my gallery was accessed 17462 times during one hour (compared to the normal 150). Which has led me to believe that someone is using a program like Accessdiver to find the login and password. And this is not the first time it's happened.

The question is, is there a threat to the security of my site?
Has this happened to anyone else here?
M

Joachim Müller

I don't know of any special vulnerability of coppermine related to logins (although it'd be a nice feature for a future version of coppermine to allow only X failed logins within Y seconds). You should check that you have a strong password (8 characters, letters and numbers, some capitalized, no dictionary word, no names, no keyboard pattern). A good idea to come up with a strong password that's easy to remember, but hard to break is memorizing a sentence that makes sense for you and use the first letters of each word.

Example: the sentence
"I absolutely love Mashed Potatoes with 3 Beers"
would result in the password
"IalMPw3B"

GauGau

Theli

I don't think my login/password is that obscure, it includes a spinoff of my name and the password is a dictionary word (uncommon, but still).

Can I change the password without re-installing the entire gallery?
M

Casper

You can change your Coppermine password. There are a couple of ways to do it. As you cannot edit your own details in the usermgr, I find the easiest way is to create a new admin user for yourself, log on as that user, then edit your original user details.

Or you could do it using your database tool.

You can edit your database password using your db tool, but you then have to edit your include/config.inc.php on the server, to your new password.
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Theli

Ok, I've created a new user in the Administrator group with a more cryptic username and password (no actual words).
Can I delete the original administrator (being logged in as the new) without causing problems?
M

Theli

A few smaller attempts have been made to hack into my gallery with a total of 30000 visits. I've changed the login (made it longer and less comprehensible) as well as the password (a lot longer).

Have you heard of anyone successfully managing to get the password to a Coppermine gallery through this kind of hacking?
M

Theli

It swallowed a lot of bandwidth, so I deleted "login.php". I'm always logged in anyway...
M

Casper

So how are your members going to log in?  :?
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Theli

I have no members...  :wink: :)

Here's my gallery, BTW.
http://gallery.theli.net
I've been using the coppermine gallery for a few months now, and it beats the hell out of uploading over FTP and setting up HTML based galleries.
M

LiX

This could also be an attempt to eat your bandwidth...

DJMaze

I made some code to use in PHP-Nuke to get around this problem.
If someone has time he could modify it to use in the standalone Coppermine, and place it at the end of the init.inc file.

If I have the time I can do it, but that could take about 4 weeks.

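// Reject POSTs whose Referer header does not point back at this site.
// is_admin(), $admin, $adminmail and $sitename come from PHP-Nuke.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $referer = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
    // ereg() was removed in PHP 7, and its unanchored match accepted any URL that
    // merely contained the host name, so compare the parsed Referer host[:port].
    $ref = parse_url($referer);
    $referer_host = isset($ref['host']) ? $ref['host'] : '';
    if (isset($ref['port'])) {
        $referer_host .= ':' . $ref['port'];
    }
    if (strcasecmp($referer_host, $_SERVER["HTTP_HOST"]) != 0) {
        $errorpage = '<html><body><center><h1>ERROR</h1>';
        $the_error = "Someone with IP $_SERVER[REMOTE_ADDR]<br>"
                    ."tried to send information thru a POST from the following url: $referer<br>"
                    ."to the following page of yours: $_SERVER[REQUEST_URI]<br>";
        // The report is escaped before it is placed in the page, so header values cannot inject markup.
        $the_error = $errorpage . "<form><textarea rows=\"8\" cols=\"60\">" . htmlspecialchars($the_error) . "</textarea></form></body></html>";
        if (is_admin($admin)) {
            die($the_error);
        } else if ($adminmail && $adminmail != '') {
            $subject = "POST Error on $sitename";
            // Mail headers are separated by CRLF.
            $xheaders = "From: $sitename <" . $adminmail . ">\r\n";
            $xheaders .= "X-Sender: <" . $adminmail . ">\r\n";
            $xheaders .= "X-Mailer: Mozilla\r\n"; // mailer
            $xheaders .= "X-Priority: 1\r\n"; // Urgent message!
            $xheaders .= "Content-Type: text/html; charset=iso-8859-1\r\n"; // Mime type
            mail($adminmail, $subject, $the_error, $xheaders);
        }
        die('Posting from other server not allowed!');
    }
}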


It would be even better to create an IP blocker SQL table, and then compare the "user" IP to the SQL table; if a match is found, the "user" will be blocked.
There are 2 kinds of users in this world: satisfied and complainers.
Why do we never hear something from the satisfied users?
http://coppermine-gallery.net/forum/index.php?topic=24315.0
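
The "only X failed logins within Y seconds" limit and the IP blocker SQL table suggested in the posts above, combined in one added example that is not part of the thread or of Coppermine's code. The login_failures table, the function names, the 5-per-300-seconds limits and the in-memory SQLite handle are all assumptions; the addresses are documentation ranges. Unlike the Referer check, it keys on the connecting address rather than on a header the client supplies.

```php
<?php
// Added example, not Coppermine code; table and function names are hypothetical.
const MAX_FAILURES = 5;       // X: failed logins tolerated per IP
const WINDOW_SECONDS = 300;   // Y: length of the sliding window

function throttle_init(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS login_failures (
        ip TEXT NOT NULL, failed_at INTEGER NOT NULL)');
    $db->exec('CREATE INDEX IF NOT EXISTS idx_login_failures ON login_failures (ip, failed_at)');
}

// True when this IP already has MAX_FAILURES failures inside the window.
function is_blocked(PDO $db, string $ip, int $now): bool {
    $q = $db->prepare('SELECT COUNT(*) FROM login_failures WHERE ip = ? AND failed_at > ?');
    $q->execute([$ip, $now - WINDOW_SECONDS]);
    return (int) $q->fetchColumn() >= MAX_FAILURES;
}

function record_failure(PDO $db, string $ip, int $now): void {
    $db->prepare('INSERT INTO login_failures (ip, failed_at) VALUES (?, ?)')->execute([$ip, $now]);
    // Prune expired rows so a flood cannot grow the table without bound.
    $db->prepare('DELETE FROM login_failures WHERE failed_at <= ?')->execute([$now - WINDOW_SECONDS]);
}

// $check is the application's own credential verifier (assumed callable).
function attempt_login(PDO $db, string $ip, int $now, callable $check): string {
    if (is_blocked($db, $ip, $now)) {
        return 'blocked';   // refuse before the password is even compared
    }
    if ($check()) {
        return 'ok';
    }
    record_failure($db, $ip, $now);
    return 'failed';
}

// Constructed demo: in-memory SQLite, fixed clock, seven wrong guesses from one IP.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
throttle_init($db);
$wrong = function () { return false; };
$t = 1000000;
for ($i = 0; $i < 7; $i++) {
    echo $i, ': ', attempt_login($db, '203.0.113.9', $t + $i, $wrong), "\n";
}
// A different address with valid credentials, then the first IP after the window.
echo attempt_login($db, '198.51.100.4', $t + 7, function () { return true; }), "\n";
echo attempt_login($db, '203.0.113.9', $t + WINDOW_SECONDS + 10, $wrong), "\n";
```

Refused attempts are not recorded, so an address is let back in once its earlier failures age out of the window. Every request still reaches PHP, so this limits password guessing but does little for the bandwidth cost mentioned in the thread.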